go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp vulnerabilities
2 known vulnerabilities affecting go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2023-45142 | HIGH | ≥ 0, < 0.44.0 | 2023-10-16
CVE-2023-45142 [HIGH] CWE-770 OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics
### Summary
This handler wrapper https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65
out of the box adds labels
- `http.user_agent`
- `http.method`
that
ghsa, osv
CVE-2023-25151 | HIGH | ≥ 0.38.0, < 0.39.0 | 2023-02-08
CVE-2023-25151 [HIGH] CWE-400 otelhttp and otelbeego have DoS vulnerability for high cardinality metrics
### Impact
The [v0.38.0](https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.13.0) release of [`go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp`](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/463c2e7cd69d25f40b0a595b05394eeb26c68ae2/instrumentation/net/http/otelh
ghsa, osv